Crap at the bottom of my source code?

Take a look at this:

View the source, scroll down. What is that?

It was in my index.htm file in the root also (meaning some sort of crawler put it there). I originally found it in my WordPress. I checked my wordpress theme and couldn’t find it there.

Anyone know what this is and how it works? I really want to get rid of it it’s causing my XHTML validation to go bad.


Looks like your site has been compromised and some malware has put a ton of spam links into your files.

Change your FTP or cpanel password immediately! Check the computer you’re usually working from for viruses, trojans and other malware. It might be a keylogger on it, in which case the password change won’t make much of a difference until you get rid of the cr@p.

Then make sure you have the latest security patches installed for WordPress and any other software you’re using. And then get rid of the spam and keep a close eye on your files.

you should delete it straight away. i had that happen to one of my sites, although it was no where near the amount of crap you’ve got, but once google picks up on that they label your site as potential problem, warning people that your site may effect their computer, so get rid of it quick sharp.

If your CMS is up-to-date, your FTP password is pretty good (a strong one) then check with your host, if your installation has been compromised there may be a chance that the host has had issues too (I had a similar compromise when hosted with mediaTemple a while back which was down to issues with them). :slight_smile:

What host are you using?
You even find out by yourself if they had some problems or issues?
Also and as Alex said verify that you are using the last version of wordpress and that your pasword for your FTP and Cpanel/Manager is well protected and difficult to guess or preferably change them (you should change those every few months BTW)…

Yes… What host are you using? Some mediatemple wordpress instalations were compromised a while back and they gave out a fix to everyone - but if your with them is possible you’ve been missed… Also, thats not a dig at them at all - and it could quite easily happen with another host.

Scarily, it wasn’t just Wordpress installations, it was mediaTemple’s main infrastructure because they saved all our passwords in plaintext and some monkey found out, broke in and then started adding spam to our index.php pages (en mass). When things like that happen it’s no surprise hacks occur. :eek:


Plain-text are they absolute morons? Nobody in their right-mind would do that; at a bare minimum normal people would use encryption like MD5 although obviously MD5 is fairly weak.[/ot]

Shocking! MediaTemple (mt) are supposed to be a top-notch Web hosting company! :eek: Making a beginners’ mistake like this one cant really damage their business…

This happened to a friend of mine just yesterday. He had a number of sites on a Godaddy hosting account all in subfolders and all of them were affected with malware. Such a pain to clean up the mess.

Thanks for the replies & sorry for the delay,

I use inmotion hosting.

I will look into it later and get back when I have time

Thanks again